initial: server + shared

2026-06-11 13:41:38 +05:00
commit 65da047e7c
148 changed files with 15900 additions and 0 deletions
@@ -0,0 +1,196 @@
+# Первичная настройка LXC для Craftshop
+
+Выполнять от **root** на свежем Debian/Ubuntu LXC.
+
+---
+
+## 1. Базовые пакеты и Node.js
+
+```bash
+apt-get update -y
+apt-get install -y ca-certificates curl gnupg curl git
+
+curl -fsSL https://deb.nodesource.com/setup_22.x | bash -
+apt-get install -y nodejs
+
+node --version  # ожидается >= 22
+npm --version
+```
+
+## 2. Каталоги
+
+```bash
+mkdir -p /opt/craftshop/server/uploads /opt/craftshop/www
+```
+
+## 3. systemd unit
+
+```bash
+cat >/etc/systemd/system/craftshop-api.service <<'UNIT'
+[Unit]
+Description=Craftshop API (Fastify)
+After=network.target
+
+[Service]
+Type=simple
+User=root
+Group=root
+WorkingDirectory=/opt/craftshop/server
+EnvironmentFile=-/opt/craftshop/server/.env
+ExecStart=/usr/bin/node src/index.js
+Restart=on-failure
+RestartSec=5
+LimitNOFILE=65535
+
+[Install]
+WantedBy=multi-user.target
+UNIT
+
+systemctl daemon-reload
+systemctl enable craftshop-api.service
+```
+
+## 4. Nginx
+
+```bash
+apt-get install -y nginx
+
+cat >/etc/nginx/sites-available/craftshop <<'NGX'
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    server_name _;
+
+    root /opt/craftshop/www;
+    index index.html;
+
+    location /api/ {
+        client_max_body_size 250m;
+        proxy_pass http://127.0.0.1:3333;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+
+    location /uploads/ {
+        proxy_pass http://127.0.0.1:3333;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location /uploads-resized/ {
+        client_max_body_size 250m;
+        proxy_pass http://127.0.0.1:3333;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.html;
+    }
+}
+NGX
+
+rm -f /etc/nginx/sites-enabled/default
+ln -sf /etc/nginx/sites-available/craftshop /etc/nginx/sites-enabled/craftshop
+nginx -t && systemctl reload nginx
+```
+
+## 5. NetBird VPN
+
+```bash
+curl -fsSL https://pkgs.netbird.io/install.sh | sh
+netbird up
+```
+
+После `netbird up` появится интерфейс `wt0` с IP из твоей NetBird-сети. Запомни его — он понадобится для NPM.
+
+## 6. Переменные окружения
+
+Сгенерируй JWT_SECRET:
+
+```bash
+node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
+```
+
+Создай `.env`:
+
+```bash
+cat >/opt/craftshop/server/.env <<'ENV'
+DATABASE_URL="file:./prod.db"
+PORT=3333
+JWT_SECRET=<вставь сгенерированную строку>
+ADMIN_EMAIL=<твой email>
+CORS_ORIGIN=https://<твой-домен>
+IS_DEFAULT_CODE_ENABLED=false
+ENV
+chmod 600 /opt/craftshop/server/.env
+```
+
+## 7. Первый деплой
+
+На машине разработчика (после заполнения `scripts/deploy.env`):
+
+```bash
+./scripts/deploy-auto.sh --force
+```
+
+После завершения — на сервере:
+
+```bash
+systemctl start craftshop-api
+systemctl status craftshop-api
+curl http://127.0.0.1:3333/health
+```
+
+## 8. VPS с Nginx Proxy Manager
+
+На VPS (где установлен NPM):
+
+1. DNS-запись A: `craftshop.твой-домен` → IP VPS
+2. В NPM → Proxy Hosts → Add:
+   - Domain: `craftshop.твой-домен`
+   - Forward Hostname: `<NetBird-IP-LXC>` (IP wt0 на LXC)
+   - Forward Port: `80`
+   - SSL: Let's Encrypt
+3. Сохрани
+
+Проверка:
+
+```bash
+curl https://craftshop.твой-домен/api/health
+```
+
+## 9. Бэкапы БД (systemd timer)
+
+Установить таймер для автоматического бэкапа каждые 6 часов:
+
+```bash
+# Установить sqlite3 для безопасного копирования
+apt-get install -y sqlite3
+
+# Скопировать unit-файлы
+cp /opt/craftshop/scripts/craftshop-backup.service /etc/systemd/system/
+cp /opt/craftshop/scripts/craftshop-backup.timer /etc/systemd/system/
+
+systemctl daemon-reload
+systemctl enable --now craftshop-backup.timer
+
+# Проверить статус
+systemctl list-timers craftshop-backup.timer
+
+# Ручной запуск для проверки
+systemctl start craftshop-backup.service
+ls /opt/craftshop/server/backups/
+```
+
+Бэкапы хранятся 30 дней (настраивается в `scripts/backup-db.sh`).